[c-nsp] Problem with VPN between ASA and Bintec

[Garry]

Hi,

on a VPN connection we are running we are intermittently experiencing
some problems. Local system is a Cisco ASA cluster (Active/Passive HA),
OS is 8.3(2)37, remote end is a Bintec device, sorry, no more details on
the exact model.

The VPN comes up fine as such and works for a while. Occasionally, the
VPN tunnel stops working, though we do not have further information on
what the root cause of the problem could be. Anyway, in that situation,
while the tunnel looks like it's up on the Bintec side, no traffic is
transmitted anymore. By re-initiating the VPN on the Bintec, the tunnel
is setup again and will work.

We have already set up a backup tunnel, which has mitigated the problem
somewhat, but on occasion both tunnels will fail and need to be set up
again.

Another problem is that usually we are not informed of the failure, so
debug information is rather scarce. I can not say what state the local
side of the tunnels is in in that situation. Due to the fact that the
connection is required for card payment information, re-establishing a
working connection is urgent, so keeping it down for debugging purposes
is more or less out of the question.

Has anybody here seen this problem in a similar situation and could
point me towards a solution?

Thanks, Garry